Solved

Problem after rename of a domain controller

Posted on 2010-08-18
12
1,497 Views
Last Modified: 2012-05-10
I've decommissioned and domain controller (dc5) and then after a day renamed another domain controller to dc5.

Picking up problems on one of the root dc's where it keeps the serverreference attribute as the old dc's name. Thought this would be easy...

dcdiag throwing machine account errors. have already done a dcdiag /fixmachineaccount

* LIB-DC5-JHB Server Reference is incorrect! Should be CN=LIB-DC5-JHB1,OU=Domain Controllers,DC=something,DC=fin-za,DC=net, and is CN=LIB-DC5-JHB,OU=Domain Controllers,DC=something,DC=fin-za,DC=net.

ldap_search_sW failed with 2: The system cannot find the file specified.

......................... LIB-DC5-JHB failed test MachineAccount

When I go into adsiedit on the root dc and try and change the serverreference attribute it defaults back to the old name.
0
Comment
Question by:Nelesh_N
  • 6
  • 3
  • 2
  • +1
12 Comments
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33462481
Its never as easy as that, although it should be...

here is a great article on achieving what you need ;

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/72d5eda0-7185-4f97-a1cf-7952c12dc786
0
 
LVL 70

Expert Comment

by:KCTS
ID: 33462815
Did you actually demote the old DC5 before it was removed?
If so then a simple DCDIAG /fix may solve the problem
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 33463571
Yes I did do a demotion to a member server. Will try.
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 33463686
nope doesnt work.
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 33464416
only one of the three root dc's that I have is picking up this problem.
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33469701
What if you change the name to something else?

Then possibly change it back?

Strange one this.
0
 
LVL 3

Expert Comment

by:pmaribeiro
ID: 33473414
This server had FSMO roles and did you moved them?
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 33474450
Yes they were moved...
0
 
LVL 3

Expert Comment

by:pmaribeiro
ID: 33474857
You need to go to AD sites and services, enter in the site where DC5 was and remove all entries about him.
Then do the same on the DNS and AD users and computers on the domain controllers container.

I would suggest to give a different name, because sometimes conflicts may ocur with some objects that may have be with the ID of the demoted DC.

So if you can try to change it.
0
 
LVL 1

Author Comment

by:Nelesh_N
ID: 33496096
So the problem is that there was a lib-dc5-jhb already in the environment, then a lib-dc5-jhb1 was introduced. The second machine is a hardware replacement for lib-dc5-jhb. I then did the dcpromo to remove lib-dc5-jhb - all went successfully. Then I renamed lib-dc5-jhb1 to lib-dc5-jhb. This is where the problem lies, I dont think AD likes the reuse of machine names. If I do a ntdsutil I dont see any refernce to lib-dc5-jhb1 but if I go to sites and services on another dc which happens to hold fsmo roles and is in the root. Go to sites and services, if I go to properties on lib-dc5-jhb I still see the server name as lib-dc5-jhb1. If I try to change the serverreference in adsiedit it defaults back to lib-dc5-jhb1. Why it must be pulling this info from somewhere, I also looked at DNS and cannot find any reference to lib-dc5-jhb1...
0
 
LVL 1

Accepted Solution

by:
Nelesh_N earned 0 total points
ID: 33624216
Ended up removing LIB-DC5-JHB... fixed my problem will reintroduce as another dc.
0
 
LVL 3

Expert Comment

by:pmaribeiro
ID: 33624860
Its the best solution because even if you remove all entries as stated there the possibility the remainings of the old SID lying arround and will create enough problems with the same name. If seen this too often and normally the best solution is to rename to a new name. Because the time consuming to solve AD issues sometimes is extremely high.
0

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Active directory upgrade to DFSR 4 28
GPO warning 15 27
IT Contract Fee 17 81
Power shell script 6 0
As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now